This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 31%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
Hi,
I want to conditionally validate JWT depending on the origin (subscriber).
I have an api on APIM which needs to support OAUTH2 token from two IDPs.
If Origin is X, I want to validate the token against Identity provider X
Else validate against AAD using validate-jwt policy
Which context property would be best to do this conditional check.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 87%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMU%3C/text%3E%3C/svg%3E)
Hello @ujjwalDev - Why the conditional validation? Have you tried implementing a single <validate-jwt ...> policy with multiple issuers and signing keys? But if you must, I believe you can associate your subscribers to distinct products in APIM and do something like this: https://stackoverflow.com/a/64475306/528779
Thanks for the answer Mike. I will use this approach suggested in the link. I didnt do validat-jwt for both the IDP as one the response from the token validation endpoint of one of the IDPs is not standard. It needs to be parsed to evaluate the response.